This ERC introduces a new wallet RPC, wallet_addSubAccount, which allows an app to request a wallet to track a smart account that the wallet owns. It also allows apps to request the wallet to provision a new account, owned by the universal wallet with a signer provided by the caller.
Embedded app accounts (onchain accounts specific to a single app) have led to a proliferation of user addresses, which can be difficult for users to keep track of. Many embedded app account users also have a universal wallet, which can be used across apps. With hierarchical ownership—where one smart account can own another—if the embedded app account is a smart account, it could be owned by the user's universal wallet. This would allow users to be able to control an app account via their universal wallet. However, though hierarchical ownership is already possible today, there is no way for apps to tell universal wallets about embedded app accounts a user may have. The proposed RPC provides a path for this.
it is unclear to me who owns the keys.
from the text, it seems that the caller (the app) is the owner of the keys.
this gives a lot of power to the app - but also adds a threat vector: an account was added into the wallet, and the user might feel this sub-account is as safe as its own… however, the keys of this account are the app's keys.
missing are security considerations, on how to mitigate this security risk
limit the sub-accounts to specific app
warning the user about the safety of such an account (namely: if a user moves funds into this sub-account, it is equivalent to sending them to the app-specific contract: good as long as you fully trust the app. The fact it is called "sub-account" of the user and managed through the wallet doesn't bring it extra security compared to a dApp-owned service holding those funds.)